SAN FRANCISCO -- Oracle OpenWorld 2017 -- "We are losing the cyberwar," Oracle's Larry Ellison says. But Oracle's got a super-weapon that will help enterprises regain lost ground against adversaries.
"Companies are losing the cyberwar and it gets worse every year," the Oracle Corp. (Nasdaq: ORCL) chairman, chief technology officer and founder said in a keynote at Oracle OpenWorld on Tuesday.
Ellison started his talk by reviewing two recent cyber attacks. One of course involved Equifax Inc., in which 143 million Americans lost records, along with people from other countries. The stolen information included credit cards, Social Security numbers, home addresses and more. The attackers are apparently "state actors" looking to use the information, rather than thieves looking to sell it, Ellison said. (See Right & Wrong Lessons From the Equifax Breach.)
Even worse, Ellison said, was the attack on the US Office of Personnel Management, where hackers -- also, apparently, state actors -- made off with records for 20 million federal employees, including security clearance data, fingerprints, Social Security numbers and home addresses; targets included White House personnel, foreign embassies, and Defense and State Department personnel. "And suddenly the state actor knows everything about every employee who works for the embassy in their capital city, and the consulate in their cities and other cities around the world," Ellison said.
"We are losing the cyberwar," Ellison said. And adversaries aren't the usual competitors, like a grocery chain competing with Amazon-Whole Foods. "You don't usually think about your competitor being a nation in eastern Europe who's stealing all your data, but they're a competitor also -- or at least an adversary," Ellison said.
Currently, security pros review logs as best as they can and patch systems when there is downtime to make the patch, Ellison said. That failed for Equifax, where the attack was traceable to a vulnerability in Apache Struts for which a patch was already available, but not yet applied by Equifax. There's nothing wrong with open source, Ellison noted, but enterprises need to manage it.
But human beings aren't up to managing modern data centers, comprising tens and hundreds of thousands of servers, storage, operating systems, virtual machines, containers, and more, Ellison said. The job needs automation.
"We don't take the security threat terribly seriously," Ellison said. "Or very few people in our organization take it seriously. The people who are focused on security take it seriously. The people who have other jobs in the data center are trying to get their jobs done. Sometimes when there's a security audit, they say, 'No, no, no, you're just slowing me down.'"
Security needs to be done without slowing down other processes, and also needs to be elevated to top priority, Ellison said. "Nobody wants to be on the front page as having lost people's data. Equifax is a 100-year-old company and they're fighting for their survival because somebody didn't locate an instance of Apache Struts and fix it when a fix was available."
And of course Ellison says Oracle has a solution -- or part of a solution -- in the security capabilities of Oracle Management Cloud. The Management Cloud relies on the same artificial intelligence capabilities as the Autonomous Database Cloud, which Ellison discussed previously. The database is entirely automated for updates, patches and maintenance, achieving 99.995% uptime, or just a half-hour a year of downtime. Management Cloud turns the same automation to detecting and remediating vulnerabilities and threats. (See Oracle's Ellison: We'll Beat Amazon Cloud Pricing by Half.)
Machine learning looks at vast quantities of data and finds patterns and detects anomalies. In the case of cloud security, anomalies represent potential vulnerabilities and threats, Ellison said.
The primary goal of Management Cloud is to prevent data loss. "The most important job is data theft prevention," Ellison said.
The Management Cloud collects and merges log files from a variety of Oracle's and other companies' cloud and on-premises software, and "enriches" that information to annotate it with human-understandable explanatory notes, correlating which records are associated with which application, and associated databases, servers and operating systems. "These records are associated with our general ledger, running on this application server, and accessing this database. All these users are authorized to use the general ledger. You can say 'show me the failed logins on the general ledger, also OS and database logins associated with that application,'" Ellison said. "You can't do that with a lot of separate logs that look entirely different. You can't ask a simple query like that."
Management Cloud combines log data with third-party databases of known threats and vulnerabilities, such as URLs associated with malware and ransomware, machines known to be part of a botnet, and adult sites that download malware.
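As an added illustration (not Oracle's code and not a description of how Management Cloud is implemented), the following shows why a query like "failed logins on the general ledger" needs normalization and enrichment before it can span application, OS and database logs. The three log formats, host names, asset inventory and threat list are constructed for the example.

```python
import json
import re

# Constructed inventory (assumption): which hosts back which application.
ASSETS = {"app01": "general-ledger", "db01": "general-ledger", "web09": "hr-portal"}
THREAT_IPS = {"203.0.113.7"}  # constructed threat-intelligence list

# Constructed sample records in three unrelated formats.
RAW_LOGS = [
    ("app", '{"ts":"2017-10-03T10:00:01Z","host":"app01","user":"alice","ok":false,"ip":"203.0.113.7"}'),
    ("os", "2017-10-03T10:00:05Z app01 sshd[311]: Failed password for root from 198.51.100.4 port 4022 ssh2"),
    ("os", "2017-10-03T10:00:09Z web09 sshd[512]: Failed password for bob from 203.0.113.7 port 4100 ssh2"),
    ("db", "ts=2017-10-03T10:00:11Z host=db01 user=gl_batch action=LOGON status=DENIED client=198.51.100.4"),
    ("db", "ts=2017-10-03T10:00:12Z host=db01 user=gl_batch action=LOGON status=OK client=198.51.100.9"),
]
SSHD = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def event(ts, layer, host, user, ok, ip):
    return {"ts": ts, "layer": layer, "host": host, "user": user, "ok": ok, "ip": ip}

def normalize(source, line):
    """Map one raw record onto the common schema; None if it is not a login record."""
    if source == "app":
        r = json.loads(line)
        return event(r["ts"], "app", r["host"], r["user"], bool(r["ok"]), r["ip"])
    if source == "os":
        m = SSHD.match(line)
        if m:
            ts, host, verdict, user, ip = m.groups()
            return event(ts, "os", host, user, verdict == "Accepted", ip)
    if source == "db":
        kv = dict(p.split("=", 1) for p in line.split())
        if kv.get("action") == "LOGON":
            return event(kv["ts"], "db", kv["host"], kv["user"], kv["status"] == "OK", kv["client"])
    return None

def enrich(e):
    """Annotate a normalized event with its application and threat-list status."""
    return dict(e, application=ASSETS.get(e["host"], "unknown"), known_bad_ip=e["ip"] in THREAT_IPS)

def failed_logins(application, raw=RAW_LOGS):
    """Cross-layer query: failed app, OS and DB logins for one application, oldest first."""
    events = [enrich(e) for e in (normalize(s, l) for s, l in raw) if e is not None]
    return sorted((e for e in events if e["application"] == application and not e["ok"]),
                  key=lambda e: e["ts"])

if __name__ == "__main__":
    for e in failed_logins("general-ledger"):
        print(e["ts"], e["layer"], e["host"], e["user"], e["ip"], e["known_bad_ip"])
```

Without the shared schema and the host-to-application mapping, the same question would require three separate searches and a manual join on host names.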
Of course, it wouldn't be an Ellison keynote without Larry slagging a competitor, and this time he turned to Splunk Inc. By Ellison standards, his criticism there was mild.
Splunk invented log analytics, he said. "They do a pretty good job," he said. But unlike Oracle, Splunk doesn't normalize log data, enrich it with configuration information, and use machine learning to separate normal and abnormal information. Also, Splunk doesn't handle remediation. "You want to go directly from identifying a problem to fixing a problem," Ellison said.
— Mitch Wagner Editor, Enterprise Cloud News